docker EACCES：在容器中运行nestjs时，权限被拒绝，mkdir '/usr/src/app/dist'

cyej8jka 于 2024-01-06 发布在 Docker

关注(0)|答案(2)|浏览(173)

我试图通过GitHub Actions在Google Cloud上的VM上的容器内运行NestJS应用程序。
在本地，一切都正常运行，但在VM上，我收到以下权限错误：

error TS5033: Could not write file '/usr/src/app/dist/users/enums/role.enum.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/enums/role.enum.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.module.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.module.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.module.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.resolver.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.service.d.ts': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.service.js': EACCES: permission denied, mkdir '/usr/src/app/dist'.
error TS5033: Could not write file '/usr/src/app/dist/users/users.service.js.map': EACCES: permission denied, mkdir '/usr/src/app/dist'.
[6:19:10 PM] Found 154 errors. Watching for file changes.

字符串
我的Dockerfile：

###################
# BUILD FOR LOCAL DEVELOPMENT
###################
FROM node:18 As development
WORKDIR /usr/src/app
COPY --chown=node:node package*.json ./
RUN npm ci
COPY --chown=node:node . .
USER node
###################
# BUILD FOR PRODUCTION
###################
FROM node:18 As build
WORKDIR /usr/src/app
COPY --chown=node:node package*.json ./
COPY --chown=node:node --from=development /usr/src/app/node_modules ./node_modules
COPY --chown=node:node . .
RUN npm run build
ENV NODE_ENV production
RUN npm ci --only=production && npm cache clean --force
USER node
###################
# PRODUCTION
###################
FROM node:18 As production
COPY --chown=node:node --from=build /usr/src/app/node_modules ./node_modules
COPY --chown=node:node --from=build /usr/src/app/dist ./dist
CMD [ "node", "dist/main.js" ]

型
docker-compose：

services:
  api:
    restart: always
    build:
      dockerfile: Dockerfile
      context: .
      target: development
    env_file:
    - .env
    command: npm run start:dev
    ports:
      - 3000:3000
    depends_on:
      - postgres
  postgres:
    image: postgres
    restart: always
    ports:
      - "5435:5432"
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      
  pgadmin:
    image: dpage/pgadmin4
    restart: always
    container_name: pgadmin4
    environment:
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}
      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
    ports:
      - '5050:80'
    depends_on:
      - postgres
  
  redis:
    image: redis
    ports:
      - "6379:6379"
    restart: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    command: redis-server --requirepass ${REDIS_PASSWORD}

型
CI：

name: deployment
on:
  push:
    branches: [ "test" ]
  pull_request:
    branches: [ "test" ]
jobs:
  deploy:
    runs-on: self-hosted
    steps:
    - name: Clone repository 
      uses: actions/checkout@v4
      with:
        ref: ${{ github.event.pull_request.head.ref }}
    - run: echo "🖥️ The workflow is now ready to test your code on the runner."
    - name: List files in the repository
      run: |
        ls ${{ github.workspace }}
    - run: cp .env.example .env
    - run: npm install
    - name: deploy
      run: docker compose -f ci.docker-compose.yml up --detach --force-recreate

型
正如你所看到的，我只使用了Dockerfile中的开发部分。
我在Dockerfile和docker-compose中使用了不同的语句：chown，mkdir dist等，但没有成功。
编辑：
我重新构造了Dockerfile：

FROM node:18
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
EXPOSE 3000
CMD ["npm", "run", "start:dev"]

型
Docker compose：

services:
  api:
    build:
      dockerfile: Dockerfile
      context: .
    restart: always
    ports:
      - '3000:3000'
    env_file:
      - .env
    depends_on:
      - postgres
    volumes:
      - .:/app/src
  postgres:
    image: postgres
    restart: always
    ports:
      - "5432:5432"
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      
  pgadmin:
    image: dpage/pgadmin4
    restart: always
    container_name: pgadmin4
    environment:
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_DEFAULT_EMAIL}
      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_DEFAULT_PASSWORD}
    ports:
      - '5050:80'
    depends_on:
      - postgres
  
  redis:
    image: redis
    ports:
      - "6379:6379"
    restart: always
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    command: redis-server --requirepass ${REDIS_PASSWORD}